FQDNs in masters-list (was: Help: Secondary for...)

Brad Knowles brad.knowles at skynet.be
Tue Mar 6 22:40:50 UTC 2001

At 4:20 PM -0500 3/6/01, Kevin Darcy wrote:

>  Well, actually, TSIG-authenticated Dynamic Updates work fine, but this is
>  rather beside the point: the original suggestion called for signed
>  *NOTIFYs*, not Dynamic Updates. Signed NOTIFYs are technically illegal, but
>  a slight extension to RFC 1996 would permit them.

	Do you actually have code that implements TSIG-authenticated 
dynamic updates?  I'm not personally aware of any, but then I concede 
that I haven't been following this issue as closely as I should.

	Of course, as you point out, that does actually solve only part 
of the problem.  Indeed, I'm not convinced that even signed NOTIFYs 
would entirely solve the rest of the problem -- when you configure a 
nameserver to pull secondary from another, the configuration details 
of which machine you pull secondary from are actually outside the 
scope of the DNS protocol, and is a configuration detail of your 
particular nameserver software.

Brad Knowles, <brad.knowles at skynet.be>

More information about the bind-users mailing list